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REMARKS 

Claims 1-17 were previously pending in the patent 
application and, by this amendment, Applicants add Claims 
18-20. No additional fee is due for the addition of three 
new dependent claims, wherein the total number of claims 
does not exceed twenty. 

The Examiner has rejected Claims 1, 5, 12, 13, 15 and 
16 under 35 USC 112 as indefinite; Claims 1, 3-5, 7-8, 
12-13, 15, and 16 under 35 USC 103 as unpatentable over the 
teachings of Thomlinson in view of Aziz; Claims 2 and 6 as 
unpatentable over Thomlinson in view of Aziz and further in 
view of Mi; Claims 9, 14, and 17 as unpatentable over 
Thomlinson in view of Aziz and Jablon; Claim 10 as 
unpatentable over Thomlinson in view of Aziz and Jablon and 
further in view of Mi; and, Claim 11 as being unpatentable 
over the teachings of Thomlinson in view of Aziz, and Jablon 
and further in view of Schneier. For the reasons set forth 
below, Applicants respectfully assert that all of the 
pending claims are patentable over the cited prior art. 

Applicants have reviewed the Examiner 1 s Response to 
Arguments section and respectfully traverse the Examiner's 
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conclusion with regard to knowledge of the key. The 
Examiner has stated that "[a]ny key may be broken through 
cryptanalysis or acquired through hacking." Applicants 
respectfully assert that the present invention provides a 
method whereby the content provider and user at a client 
machine can exchange transmissions that do not include all 
of the information (e.g., the key(s)) which would be needed 
for decryption thereof. Both the content provider and the 
user know an operation to perform on a randomly generated 
number; however, the actual randomly-generated number is 
never communicated between the two. As claimed, the content 
generates a first key known only to that content provider, 
and which is not known to the user. While Applicants cannot 
guarantee that someone with ill intent could not arrive at 
the same random number, Applicants 1 system and method relies 
on the fact that the first key with the random number is not 
known to both parties and cannot, therefore, as readily be 
compromised. Applicants trust that the amendment language 
addresses the Examiner f s concerns. 

The present invention is a computer program product and 
method for securely providing data of a content provider to 
a user without trusting an internet service provider. The 
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present invention allows secure data transfer between a 
content provider and a user without having the internet 
service provider participate in the security features, such 
that transmitted data is always encrypted. In that way, a 
user could access the internet through any service provider, 
without sharing any security information with the internet 
service provider. Similarly, the content provider could 
securely transmit encrypted data to a trusted user, without 
concern that the internet service provider, or other 
customers of the internet service provider, could access the 
content provider's data. The security relationship is 
between the content provider and the user and the claims 
expressly recite steps for exchanging encryption keys and 
passwords only between the user and the content provider. 
By the previous amendments, Applicants have ensured that all 
of the claims expressly recite that the content provider is 
not the internet service provider and that the secure 
transmission is done without trusting the internet service 
provider. 

With regard to the rejections under 112, the Applicants 
have amended the relevant claims to address the Examiner's 
concerns. Applicants have further amended the claims as set 
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forth below. In Claims 1-4, 12 and 15, and newly-added Claim 
18, the claims now expressly recite a method, program 
storage device, and means for securely providing data of a 
content provider to a user at a client machine without 
trusting an internet service provider, wherein the content 
provider and internet service provider are different 
entities, the method comprising generating a first key known 
only to the content provider; encrypting a second key using 
the first key and an encryption algorithm requiring a 
one-time password; transmitting the encrypted second key to 
the client machine; storing the encrypted second key on the 
client machine; and when the user first desires to access 
the data, decrypting the encrypted second key using the 
one-time password; and accessing data transmitted from the 
content provider to the client machine by decrypting an 
encrypted version of the data at the client machine using 
the second key. Applicants have corrected the claim 
language to recite that the client decrypts the encrypted 
second key using the one-time password, as opposed to 
decrypting using the first key. Support is found in the 
Specification at page 7, lines 14-15. 
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In Claims 5-8, 13 and 16, and newly-added Claim 19 now 
recite a method, program storage device and means for 
securely providing data of a content provider through an 
internet service provider to a user at a client machine 
without trusting an internet service provider, wherein the 
content provider and the internet service provider are 
different entities, the method comprising, when the user 
accesses a web page of the content provider, downloading an 
applet from the content provider to the client machine; 
generating a first key known only to the content provider; 
encrypting a second key using the first key and an 
encryption algorithm requiring a one-time password; 
transmitting the second encrypted key for storage at the 
client machine; and when the user first desires to access 
the data, the applet requesting the one-time password from 
the user and, based on correct entry of the one-time 
password, decrypting said second encrypted key and accessing 
the data by decrypting an encrypted version of the data at 
the client machine using the second key. Support for the 
added features related to downloading and executing the 
applet is found in the Specification (e.g., at page 6, line 
12, and page 7, lines 3-21) . 
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In Claims 9-11, 14 and 17, and newly-added Claim 20, 
the claims now recite a method, program storage device and 
means for authenticating a user at one client machine 
seeking access to secure data of a content provider 
comprising: transmitting gAa and the identity of the user 
of the one client machine to the content provider node, 
wherein g and a are random numbers and where a is known only 
to the client machine, and where g is known to both content 
provider and the client machine; generating gAb, where b is 
known only to the content provider node; encrypting gAb 
with a one-time password of the user; calculating gA(a*b) 
using the one-time password to decrypt gAb; and 
transmitting gA(a*b) to the content provider, whereby the 
client machine's knowledge of gA(a*b) authenticates the 
user to the content provider, wherein an encryption key K a t 
for encrypting data to be transmitted from the content 
provider to the client machine and for decrypting the 
encrypted data at the client machine uses gA(a*b) . Support 
is found in the original Specification (see: e.g., page 9). 

The Examiner has rejected all of the pending claims 
using the Thomlinson patent as the primary reference. 
Thomlinson patent is directed to a system and method for 
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protecting data wherein the service provider is involved in 
the encryption and authentication process. As expressly 
stated in Col. 2, lines 12-13 of Thomlinson, "encryption is 
based on the user's logon password or some other secret 
supplied during network logon." Applicants contend that the 
security relationship in the Thomlinson patent is not 
between a user and a content provider wherein the content 
provider is a different entity from the service provider. 
Applicants respectfully assert that the present invention 
expressly omits the service provider from the process in 
order to protect data when an untrusted service provider is 
part of the data delivery. 

The Thomlinson system provides a master key which is 
used to encrypt an item key (col. 9, lines 20-22). In turn, 
at the "client" in Thomlinson, the master key is used to 
decrypt the item key (Col. 10, lines 5-13) . Clearly, the 
master key is known to both entities. Applicants have 
amended the claim language, as discussed above, to expressly 
state that the first key (or f b f in Claims 9, et al) is 
known to the content provider and not to the user. Clearly 
Thomlinson does not teach or suggest that limitation. 
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The Examiner concludes that the item key of Thomlinson 
reads on the second key. However, Thomlinson states at Col. 
9, lines 13-27 that "an item key is randomly generated for 
each data item received. .. [and] ... [t] he data item is 
encrypted with its corresponding item key. . .using a master 
key." Further, "the master key is encrypted using a code 
that is derived from user authentication." Clearly what 
Thomlinson is teaching is encryption based on user 
identification at logon, using an encryption algorithm which 
was previously determined (see: Col. 8, lines 64-67), and 
assignment of item "keys", which are not encryption or 
decryption keys but are item identifiers that are encrypted 
along with the items. Clearly Thomlinson is not teaching or 
suggesting generating first and second keys as claimed. 

While in an earlier Office Action, the Examiner 
acknowledged that the Thomlinson patent does not teach or 
suggest storing encrypted second keys at the client, the 
Examiner now cites Col. 9, line 63- Col. 10, line 4 against 
the claimed storing. What the Thomlinson patent teaches in 
the cited paragraph is that the encryption provider gathers 
the relevant data and "returns all of these in a single 
package to the calling application program." Applicants 
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respectfully assert that returning information to a program 
at the encryption provider location is not the same as or 
suggestive of transmitting information for storage at the 
client location. 

The Examiner has acknowledged that Thomlinson lacks any 
mention of a one-time password and has cited the Aziz patent 
teachings. However, in the arguments presented at the top 
of page 4 of the Office Action, the Examiner is applying the 
Aziz patent teachings to those of the Mi patent. Applicants 
request clarification of the rejections. Applicants further 
assert that Aziz does not provide those teachings which are 
missing from the Thomlinson patent. Aziz does not teach 
encrypting a second key using a first key and a one time 
password at one entity and then decrypting the second 
encrypted key using the one time password at the other 
entity. 

With regard to Claims 2 and 6, the Examiner has further 
cited the Mi patent in combination with Thomlinson and Aziz; 
and, in rejecting Claim 10, the Examiner has cited Mi in 
combination with Thomlinson, Aziz and Jablon. The Mi patent 
is directed to a system and method for using an 
internet-based caller ID to control client access to an 
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object stored on a server. Under the Mi method, upon 
receipt of a client request, the server generates a DLL file 
407 having a secret key 418 (Col. 7, lines 23-26) and sends 
the DLL file with an applet to the client browser (Col. 7, 
lines 27-33 and 41-44) . At the client, the DLL file is 
executed so that the client uses the same secret key 418 
from the DLL file, as well as its processor number 422 which 
is known to the server (Col. 6, lines 56-67) to calculate a 
hash value which is returned to the server (Col. 8, lines 
4-9 and 32-35) . When the server receives the hash value 
from the client, the server's comparison agent calculates a 
hash value, compares it to the received hash value, and 
allows the client access to the data if the two values 
compare favorably (Col. 8, lines 36-44) . For each session, 
the DLL file will contain a different secret key (Col. 7, 
lines 26-27 and Col. 8, lines 49-53) which is known to both 
the server and the client. 

Applicants contend that the resulting combination would 
not obviate the invention as claimed. Since both Thomlinson 
and Mi have a key that is known to both entities, there is 
neither a teaching nor a suggestion of generating and using 
a key that is known to one entity but not known to that 
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other. Moreover , neither reference, alone or in combination 
with the additionally-cited art, provides for the accessing 
of data as claimed or the downloading and use of an applet. 
While Mi may have the processor number known to the server, 
Mi does not teach or suggest the use of that information for 
permitting data access only on one client machine. 

With regard to Claims 9, 14 and 17, Applicants disagree 
with the Examiner's conclusion that the claim language is 
obviated by the combination of Thomlinson, Aziz and Jablon. 
Applicants respectfully rely on the arguments set forth 
above with regard to the teachings of the Thomlinson patent, 
alone and in combination with Aziz. The Thomlinson patent 
simply does not teach that a key is known only to one 
entity. Moreover, the teachings cited from the Jablon 
patent, from Col. 7, lines 16-27, do not provide those 
teachings which are missing from Thomlinson and Aziz. What 
Jablon teaches is that a user creates "the user's hidden 
password, which is maintained as a shared secret and stored 
securely with the host" (see: Col. 7, lines 18-20) . 
Therefore, the password is known to both the user and the 
host. Clearly Jablon is not providing the teachings which 
are missing from the Thomlinson and Aziz patents. 
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In rejecting Claim 11, the Examiner has also cited the 

Applied Cryptography reference for its teachings regarding 

MAC authentication procedures. Applicants respectfully 

assert that the reference does not provide the teachings 

which are missing from the Aziz, Thomlinson and Jablon 

patents. Moreover, Applicants contend that the Examiner has 

failed to show how the MAC authentication procedures would 

be integrated into the teachings of the combined references. 

The Examiner concludes that "[b]oth client and server 

generate the same key during the authentication procedure so 

the MAC authentication would be an easy way to check 

authenticity without needing security". Applicants disagree 

with the Examiner's conclusion. Moreover, applying a MAC to 

Thomlinson, alone or in combination with the 

additionally-cited patents, would not result in the 

invention as claimed, since none of the cited references 

teaches or suggests the use of keys not known to the other 

party, etc. 

Applicants respectfully assert that the Examiner has 
not established a prima facie case of obviousness, since the 
Examiner has not provided prior art which teaches or 
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suggests all of the claims limitations (In re Wilson, 424 F. 
2d 1382, 165 U.S.P.Q. 494 (C.C.P.A. 1970). 

Based on the foregoing remarks, Applicants respectfully 
request reconsideration of the claim language in light of 
the remarks, withdrawal of the rejections, and allowance of 
the claims. 



Respectfully submitted, 



Y. Baransky, et al 
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